<!DOCTYPE html>
<html>
<head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>





<body>
系统载入中，请稍等...



<?php
//验证登陆信息
session_start();

$account              = $_REQUEST['account'];
$password             = $_REQUEST['password'];



include_once("../config.php");
$_user=select_one_line_all_items($table_prefix."employee","mid = '".$account."'");


//先判断接收的用户名，是否含有特殊字符。有的话，直接返回登陆框。
if (!preg_match("/^[0-9a-zA-Z]{3,12}$/", $account))
{echo "<script language='javascript'>alert('用户名不存在！');location='/gate/';</script>";}

elseif (!$_user) {echo "<script language='javascript'>alert('用户名不存在!');location='/gate/';</script>";}

elseif ($_user['authority'] != '是') {echo "<script language='javascript'>alert('没有登录权限！');location='/gate/';</script>";}

elseif ($_user['password'] != md5($password)) {echo "<script language='javascript'>alert('密码错误！');location='/gate/';</script>";}


elseif($_user)
{
    //全部校验通过 数据存入session
    $_SESSION['username']     = $_user['name'];
    $_SESSION['department']   = $_user['department'];
    $_SESSION['departmentid'] = $_user['departmentid'];
    $_SESSION['mid']          = $_user['mid'];
    $_SESSION['nid']          = $_user['nid'];
    $_SESSION['quanxian']     = $_user['quanxian'];
    $_SESSION['position']     = $_user['position'];
    $_SESSION['utoken']       = $_user['utoken'];

    $url="/controller/index.php";
    Header("Location: $url");

}

?>
